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DETAILED ACTION 



1. 



The Office Action is responsive to the communication filed on 07/17/2009. 



2. 



Claims 1-8, 23-29, and 35-41 are pending in the application. 



Information Disclosure Statement 



3. The information disclosure statement (IDS) submitted on 07/17/09 is in compliance with 
the provisions of 37 CFR 1 .97. Accordingly, the information disclosure statement is being 
considered by the examiner. 



4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

5. Claim 3 recites the limitation "the authentication procedure." There is insufficient 
antecedent basis for this limitation in the claim. 



5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



Claim Rejections - 35 USC § 112 



Claim Rejections - 35 USC § 103 
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6. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 
(1966), that are applied for establishing a background for determining obviousness under 35 
U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness 
or nonobviousness. 

7. Claims 1,3-4, 6-7, 23, 25, 28, 36-37, 39-40 are rejected under 35 U.S.C. 103 (a) as being 
unpatentable over Raciborski et al. (USPN 20050132083) in view over Maclnnis (USPN 
20030028899). 

8. As per claim 1, Raciborski et al. teaches a method comprising: 

receiving, at a server, a request from a client to take an action with respect to an electronic 
document ([ABSTRACT], [0028]) 

retrieving a document identifier (e.g., content object descriptions) from the request ([0028], 
[0032]); 

determining whether user authentication is needed based on the document identifier and the 
action ([0020], [0030] [0035], [0036] e.g., authorization is performed, i.e., checking rights for 
purchased content, based on the content object and making use of the content object) 

Raciborski et al. teaches a specified authentication procedure ([0033] e.g., an authentication 
procedure is interpreted as a program that uses authentication steps. The program corresponds to 
the download manager. The download manager software uses an authentication procedure, i.e., 
password interface, to verify the user is permitted to access the content objects ([0037]) 
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Raciborski et al. is silent as to sending information specifying an acceptable authentication 
procedure. For clarity, multiple versions of the download manager will be discussed below. 
The manager program is considered an acceptable authentication procedure. However, it is 
foreseeable that multiple versions may be present on the server, which may result in 
compatibility issues with the client. Therefore, there is a need to send information regarding the 
most suitable version of the download manager, i.e., authentication procedure, that the client 
should be using) 

Maclnnis teaches sending information specifying an acceptable authentication procedure 
([ABSTRACT], [0012] e.g., descriptor information, i.e., information regarding an acceptable 
procedure. The Examiner's position is that a) a download manager is compiled and available to a 
client and b) before downloading a particular manager, descriptive information is provided to the 
client such that the best 'module version,' i.e., download manager, is available to the client. This 
version of the download manager provides an authentication procedure, i.e., checking user 
restrictions when downloading content objects, see [0045], [0039]) 

Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation to modify Raciborski et al. to include descriptor information sent to the client such 
that the client could choose the 'best' manager program, as taught by Maclnnis. Raciborski et al. 
teaches multiple, available versions of a download manager ([0033]). Maclnnis teaches enabling 
the client to select the best 'module version.' Since enabling the client to select the best and 
most often compatible version of the download manager, i.e., authentication procedure, based on 
client capabilities, it would have been obvious to send descriptive information about the manager 
program, i.e., authentication procedure, to ensure a compatible program (program version is 
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downloaded and installed) 

Maclnnis teaches receiving an authentication procedure update request ([0012] e.g., it is 
interpreted that as authoring sources generate module versions, new versions become available to 
the client. A client would select a new version of the download manager, i.e., authentication 
procedure update request) in response to the client processing of the information specifying an 
acceptable authentication procedure (e.g., when new versions are available, the client could 
review and install these versions after receiving the descriptor list, i.e., processing information. 
After processing the information, the client could request the new version, i.e., authentication 
procedure update) but does not teach the request for information, i.e., descriptors, is initiated by 
the client. Maclnnis teaches a client initiating the request for updates ([0007] e.g., the 
Examiner's position the aforementioned steps could be initiated by the client simply by 
communicating a need for updates to the server. From this point, the server would then send the 
client the descriptor list) 

Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation to enable a client to request an updated procedure. Maclnnis teaches that new 
versions are made available to the client, which would be unknown to the client. Maclnnis, as 
modified, teaches that a client would make a request for new versions. Maclnnis, as modified, 
teaches that in response a descriptor list would be sent to the client showing the client the 
available versions, and from which a client may select the best version. In effect, in response to 
the client processing the available list, i.e., information specifying an acceptable authentication 
procedure, the client would receive an updated version of a program. 
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Raciborski et al teaches obtaining, at the server and in response to the authentication 
procedure update request (e.g., client requesting a new version of the download manager, where 
this manager includes authentication steps), a software program (e.g., download manager) 
comprising instructions operable to cause one or more data processing apparatus to perform 
operations effecting the authentication procedure ([0033] e.g., a download manager, i.e., 
software program, embodies authentication step such as checking user authentication, i.e., steps 
to authenticate a user); and 

sending the software program to the client for use in identifying a current user and controlling 
the action with respect to the electronic document based on the current user and document- 
permissions information associated with the electronic document ([0032], [0033], [0035] e.g., 
downloading manager software) 

9. As per claim 3, teaches receiving, at a se Raciborski et al. teaches a method comprising: 

receiving, at a server, a request from a client to take an action with respect to an electronic 
document ([ABSTRACT], [0028], [0032]) 

obtaining, at the server and in response to the request, a software program (e.g., download 
manager embodying an authentication procedure) comprising instructions operable to cause one 
or more data processing apparatus to perform operations effecting the authentication procedure 
([0033] e.g., a download manager, i.e., software program, is selected as the best module available 
in response to the client processing descriptor lists, i.e., information specifying an acceptable 
authentication procedure. The download manager effectuates an authentication procedure, i.e., 
verifying the user ([0037]) 

sending the software program to the client for use in identifying a current user and 
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controlling the action with respect to the electronic document based on the current user and 
document-permissions information associated with the electronic document ([0032], [0033], 
[0035], [0037] e.g., downloading manager program. The user is identified [0037]. Based on 
user authentication, content objects are accessible); 

receiving an updated authentication procedure (e.g., Raciborski et al. as modified by 
Maclnnis, teaches where the program would have authoring sources generating new modules 
([0012] e.g., updated authentication procedure or updating the download manager. It is 
interpreted that a new version, as generated, is an updated authentication procedure because a 
download program is a procedure to authenticate a user) 

receiving a subsequent request from the client to take the action with respect to the electronic 
document (e.g., as modified, supra claim 1, a client would make a request for a newer version. 
This solves the pertinent problem of ensuring that the client is always up to date); 

obtaining, at the server and in response to the subsequent request, a new software program 
comprising instructions operable to cause one or more data processing apparatus to perform 
operations effecting the updated authentication procedure (e.g., supra claim 1, where a new 
version is made available, the client receives the available versions prior to downloading (e.g., 
descriptor list), and subsequently the client would install the new program. The Examiner's 
position is that as new modules become available, a client could initiate a check to see whether a 
new module is available, in response the client would receive a descriptor list showing the 
available versions, and in response select the best module); 

sending the new software program to the client for use in identifying the current user and 
controlling the action with respect to the electronic document based on the current user and the 
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document-permissions information associated with the electronic document ([0033] e.g., as 
modified, supra claim 1 discussion, new versions are made available, i.e., new software program, 
for subsequent installation) 

10. As per claim 23, Raciborski et al., as modified, teaches a system comprising: 

a client that sends an authentication procedure update request (e.g., requesting new version of 
the download manager) to a server in response to client processing of information received from 
the server (e.g., supra claim 1 discussion. In response to the client processing available versions, 
i.e., descriptor list, the client would request a newer version of software based on the received 
descriptor list. The initial request could be initiated by the client such that following the request 
for newer versions, the client would process the descriptor list, and then request a newer version. 
The initial client request is simply for checking for new versions. Following this initial request, 
the client can request an actual version, i.e., requesting authentication procedure update based on 
the received descriptor list) 

wherein the information received from the server specifies one or more acceptable 
authentication procedures (e.g., descriptor list. As modified, the descriptor list would include the 
available versions of a download manager) 

the server that receives the authentication procedure update request, and in response to the 
client, the server obtains and sends a software program comprising instructions operable to cause 
one or more data processing apparatus to perform operations effecting an authentication 
procedure (e.g., supra claim 1, where the server has multiple versions of modules, in response to 
the client needing software, the server sends the descriptor list to the client, the client can then 
make a request for a new version of software, and the server will send the software to the client); 
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and 

wherein the client uses the software program (e.g., download manager) to identify the current 
user (0037) and control an action with respect to an electronic document based on the current 
user and document-permissions information associated with the electronic document, and 
wherein the action comprises an action taken with respect to the electronic document subsequent 
to opening the electronic document at the client ([0043], [Figure 4D] e.g., supra claim 1 
discussion) 

11. As per claim 25 Rociborski et al. teaches the system of claim 23, wherein the client 
includes a security handler that provides a server-communication interface to the software 
program ([0020] e.g., transaction session identifier) 

12. As per claim 36, teaches the system of claim 23, Raciborski et al., as modified, teaches 
wherein the server receives a subsequent request from the client to take action with respect to the 
electronic document ([0045] e.g., downloads implies that more than one request can be made) 
but Raciborski et al. does not teach obtaining, in response to the subsequent request, a new 
authentication process, and sends the new authentication process to the client for use in 
identifying the current user and controlling the action with respect to the electronic document 
based on the current user and the document permissions information associated with the 
electronic document. Maclnnis teaches checking for new versions and enabling the client to 
continuously be updated with versions 

Therefore, it would have been obvious to one of ordinary skill in the art to have provided a 
client with an updated authentication program if a newer version was available at the time of 
communication. It is foreseeable that newer versions are made available, these versions may be 
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made available in response to a client seeking an update, a server informing the client of an 
update, and or when a client communicates with the server (e.g., as in the case of requesting 
downloads). 

13. As per claims 4 and 37, Raciborski et al. teaches software program uses an existing 
interface provided by the client to communicate authentication information to the server ([FIG 
2A-208]) 

14. Claims 5, 26, and 38 are rejected under 35 U.S.C. 103 (a) as being unpatentable over 
Raciborski et al. (USPN 20050132083) in view over Maclnnis (USPN 20030028899) and in 
further view over Hu (USPN 5586260) 

15. As per claims 5, 26, and 38, Raciborski et al. teaches receiving credentials information 
from the client derived at least in part based on input obtained by the client using the software 
program ([0041], [0043] e.g., passwords) but does not teach communicating with a third part 
authentication server to authenticate the current user based on the credentials information. Hu 
teaches a third party authentication server ([ABSTRACT]) 

Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation to implement a third party authentication server as taught by Hu et al. Hu teaches a 
method for authenticating a client for a server. Raciborski teaches a system for authenticating a 
user/client to enable access to content stored on a server. Since a third party authentication 
server provides a well known means in which to maintain, store, and retrieve credentials, it 
would have been advantageous to provide this server as an additional means, in effect providing 
both redundancy in addition to reducing load on the primary server. 
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16. As per claims 6 and 39 Rociborski et al. teaches the method of claim 5, wherein the input 
obtained by the client comprises text input ([0041], [0043] e.g., password). 

17. As per claims 7 and 40, Rociborski et al. teaches the method of claim 5, wherein the 
input obtained by the client comprises biometric data ([0043] e.g., biometric authentication) 

18. Claims 8, 27, 38, and 41 are rejected over Raciborski et al. (USPN 20050132083) in view 
of Heath et al. (USPN 6006034) and in further view of Hu (USPN 5586260). 

19. As per claims 8,27, 38, and 41, Raciborski et al. teaches receiving input from a client 
using the software ([0041], [0043]) e.g., password). It does not teach receiving an authentication 
receipt from a third party authentication server based on input obtained by the client using the 
software. Hu teaches returning an access key from an authentication gateway acting as a proxy 
server to the client, i.e., receipt, based on credentials ([ABSTRACT], [COL 1 lines 58-63] e.g., 
receiving an authentication receipt from a third party authentication server) and verifying the 
current user with the third party authentication server using the authentication receipt ([COL 1 
lines 18-20], lines 59-63], [ABSTRACT] e.g., authenticating a client) 

Therefore, at the time the invention was made, it would have been obvious to have provided a 
means in which to authenticate a client via saving security credentials,. Raciborski et al. teaches 
authenticating a user via credentials as to enable access to content on a server. Hu et al. teaches 
saving security credentials for later use and generating an access key for their retrieval and 
passing the access key to the client. In effect, saving the security credentials for later use and 
providing an access key for their retrieval obviates the need for repeated authentication. As a 
result, the system is further optimized and limits redundant authentication procedures. 

20. As per claim 28, Raciborski et al, as modified, teaches a server comprising: 
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a server core with configuration and logging components ([0029]) 

an internal services component that provides functionality across dynamically loaded 

methods ([0029] e.g., web page) 

dynamically loaded external services providers, including an authentication service 

provide ( supra Hu for authentication server - ABSTRACT) 

21 . Claim 29 is rejected under 35 U.S.C. 103 (a) as being unpatentable over Raciborski et al. 
(USPN 20050132083) in view over Maclnnis (USPN 20030028899) and in further view over 
Tenerelllo (USPN 7233981) 

22. As per claim 29, Raciborski et al. teaches a business logic tier comprising a cluster of 
document control servers ([0029] e.g. content delivery networks); an application tier including 
the client comprising a viewer client, a securing client, and an administration client ([FIG 1-FIG 
2A - client computer functions via providing a view - browser, securing - downloading the 
manager (securing a program), and administration (storage media)). However, Racoborski et al. 
does not teach a load balancer that routes client requests to the document control server. 
Tenerello teaches a system and method for load balancing ([COL 1 lines 14-20], [COL 2 lines 
63-67]) 

Therefore, at the time the invention was made, one of ordinary skill would have motivation 
to load balance a system. Raciborski et al. teaches that various user computers may access 
content objects ([0029]) Tenerello teaches a load balancing means in which multiple requests 
may be efficiently processed. Since load balancing increases performance of a system, it would 
have been obvious to have enabled a system employing multiple user computers, each requesting 
access to a resource, a means to load balance the requests as to optimize the system. 
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23. Claims 2, 24, and 35 are rejected under 35 U.S.C. 103 (a) as being unpatentable over 
Raciborski et al. (USPN 20050132083) in view over Maclnnis (USPN 20030028899) and in 
further view over Kano et al. (USPN 20030135650) 

24. As per claims 2, 24, and 35, Raciborski et al. does not teach a second server providing the 
software program. Kano et al. teaches a backup server ([ABSTRACT]) 

Therefore, at the time the invention was made, one of ordinary skill in the art would have 
motivation to include a backup server as a means of providing redundancy. In the event of a 
failure of the primary server, it would have been beneficial to utilize a backup server as a means 
of distributing the software program, modules, and versions as they become available. 

Response to Amendment 

25. The amendment filed 07/17/09 has been considered. 

Response to Arguments 

26. Applicant's arguments with respect to claims 1,3, and 23 have been considered but are 
moot in view of the new ground(s) of rejection. The new ground of rejection pertains to 
clarification of the download manager functioning to verify the user opposed to the program 
itself. 
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For clarity, a download manager is considered an authentication procedure because a user is 
authenticated prior to accessing content objects. As modified, multiple versions of the download 
manager] authorization procedure are stored on the server. An update to the download manager 
is considered an updated authorization procedure, resulting in these versions. The client is sent 
information, i.e., available programs for download via the server. The client processes this 
information. Based upon updates to the download manager of authorization procedure, the client 
may download the most compatible version based on the client capabilities. 

Applicant points out that the authentication performed is authentication of the program, not a 
user. Raciborski teaches the user authenticated in addition to authentication of the download 
manager ([0037], [0043], [0045] e.g., as understood, a user is authenticated via password access) 

It is interpreted that any program that performs user authentication is an authorization 
procedure. Here, the download manager authenticates the user (0037) Additionally, it is implied 
that the use of DRM (0032) manages user access to content objects. Only authorized users may 
download content objects. The password interface of the download manager verifies the user. It 
is understood that this verification is not for verifying the integrity of the download manager, as 
discusses in 0035, but rather is to ensure the user is permitted to access content objects for that 
user (0037, 0043, 0045 - user passwords are required to allow access to content objects) 

The download manager, in view of the above discussion, provides user authentication. As 
modified, it is foreseeable this program will be upgraded, resulting in multiple versions. When 
upgraded, a new download manager results in a new authentication procedure. The client is sent 
information about the available versions. In response to processing this information, the client 
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will download a new version of the authentication procedure or download manager. The 
Examiner is treating the download manager and authentication procedure as one in the same. 

The 'information ' specifying an acceptable authentication procedure is not defined. It is 
unclear what this information pertains to. 

It is also noted that the claim language does not tie together the authentication procedure to the 
user. User authentication is first determined and subsequently information specifying an 
acceptable authentication procedure is sent. Subsequently, a program is sent that performs user 
authentication. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to DARRIN DUNN whose telephone number is (571)270-1645. 
The examiner can normally be reached on EST:M-R(8:00-5:00) 9/5/4. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Albert DeCady can be reached on (571) 272-3819. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/DD/ 
11/21/09 



/Albert DeCady/ 
Supervisory Patent Examiner 
Art Unit 2121 



